Information systems 365 lecture eight

Information Security 365/765, Fall Semester, 2014
Course Instructor, Nicholas Davis
Lecture 8, Telecommunications and Network Security

TTooddaayy’’ss CChhooccoollaattee BBaarr
YYoouurr OOlldd FFrriieenndd SSnniicckkeerrss
10/07/14 UNIVERSITY OF WISCONSIN 2

TTeelleeccoommmmuunniiccaattiioonnss aanndd
NNeettwwoorrkk SSeeccuurriittyy OOvveerrvviieeww
The OSI seven layer model
TCP/IP and other protocols
LAN, WAN, MAN, intranet, extranet
Cable types and data transmission types
Network devices and services
Communications security management
Telecommunications devices
Remote access methods and technologies
Wireless technologies

TThhee OOSSII SSeevveenn LLaayyeerr MMooddeell
The Open Systems Interconnection
model (OSI) is a conceptual model that
characterizes and standardizes the
internal functions of a communication
system by partitioning it into abstraction
layers. The model is a product of the
Open Systems Interconnection project
at the International Organization for
Standardization (ISO)

LLaayyeerr 11:: PPhhyyssiiccaall LLaayyeerr
This is the physical stuff connecting
computers together (cables, switches,
routers, modems etc etc).

LLaayyeerr 22:: DDaattaa LLiinnkk
This is where switches operate.

LLaayyeerr 33:: NNeettwwoorrkk
This is where routers operate. Anything
regarding the TCP/IP protocol happens
here. Think IP’s, subnet masks, default
gateways etc.

LLaayyeerr 44:: TTrraannssppoorrtt
This layer deals how much information
is sent back and forth in a session. Using
the website example it handles the
information the user sends in a request,
and then the information the server has
to retrieve and send back in order for
you to see the website.

LLaayyeerr 55:: SSeessssiioonn
This layer deals with communication
between two devices. For example: when
the user goes to a website, the user’s
computer must open a session between
itself and server hosting the website,
thus allowing the user to receive the
website in the first place. The same goes
for any sort of communication, ie VOIP
etc.

LLaayyeerr 66:: PPrreesseennttaattiioonn
This is the OS.

LLaayyeerr 77:: AApppplliiccaattiioonn
This is the layer the user is interacting
with (software). This can be skype,
chrome etc.

IIPP –– IInntteerrnneett PPrroottooccooll
HHooww tthhee IInntteerrnneett TTaallkkss
A protocol (means of communication)
which provides a means for routing data
to its destination
Think of it this way:
Data = A letter
IP address = Addressed envelope
Network = the postal system

TTCCPP aanndd UUDDPP
TTwwoo MMaajjoorr PPrroottooccoollss FFoorr
TTrraannssmmiissssiioonn OOvveerr IIPP

RReelliiaabbaaiilliittyy TTCCPP
TCP is connection-oriented protocol.
When a file or message send it will get
delivered unless connections fails. If
connection lost, the server will request
the lost part. There is no corruption
while transferring a message.

RReelliiaabbiilliittyy UUDDPP
UDP is connectionless protocol. When
you a send a data or message, you don't
know if it'll get there, it could get lost on
the way. There may be corruption while
transferring a message.

OOrrddeerreedd DDeelliivveerryy TTCCPP
Ordered: If you send two messages along a
connection, one after the other, you know
the first message will get there first. You
don't have to worry about data arriving in
the wrong order

NNoo OOrrddeerreedd DDeelliivveerryy UUDDPP
If you send two messages out, you don't
know what order they'll arrive in i.e. no
ordered

TTCCPP iiss aa HHeeaavvyywweeiigghhtt
PPrroottooccooll
Heavyweight: - when the low level parts
of the TCP "stream" arrive in the wrong
order, resend requests have to be sent,
and all the out of sequence parts have to
be put back together, so requires a bit of
work to piece together

UUDDPP iiss aa LLiigghhttwweeiigghhtt PPrroottooccll
Lightweight: No ordering of messages,
no tracking connections, etc. It's just fire
and forget! This means it's a lot quicker,
and the network card / OS have to do
very little work to translate the data back
from the packets.

TTCCPP SSttrreeaammiinngg
Streaming: Data is read as a "stream,"
with nothing distinguishing where one
packet ends and another begins. There
may be multiple packets per read call.

UUDDPP DDaattaaggrraammss
Datagrams: Packets are sent
individually and are guaranteed to be
whole if they arrive. One packet per one
read call.

EExxaammpplleess ooff TTCCPP SSeerrvviicceess
Examples: World Wide Web (Apache TCP
port 80), e-mail (SMTP TCP port 25 Postfix
MTA), File Transfer Protocol (FTP port 21)
and Secure Shell (OpenSSH port 22) etc.

EExxaammpplleess ooff UUDDPP SSeerrvviicceess
Examples: Domain Name System (DNS
UDP port 53), streaming media
applications such as IPTV or movies,
Voice over IP (VoIP), Trivial File Transfer
Protocol (TFTP) and online multiplayer
games etc

WWhhaatt iiss YYoouurr OOppiinniioonn ooff
WWhheenn ttoo UUssee TTCCPP vvss.. UUDDPP??
TCP is typically slower than UDP
UDP is typically less reliable than TCP

TThhee TTCCPP HHaannddsshhaakkee

EEvveerryy NNooddee oonn aann IIPP NNeettwwoorrkk
HHaass aann IIPP AAddddrreessss
In IPv4 there are five classes of IP
addresses A-E
Class A = Very large networks
Class B = Medium to large size networks
Class C = Small networks
Class D = Reserved for multicasting
Class E = Experimental and educational
use

BBaasseebbaanndd vvss BBrrooaaddbbaanndd
CCoommmmuunniiccaattiioonn
Baseband uses the entire bandwidth of a
communication channel for its
transmission
Broadband divides the available
bandwidth into individual channels,
each carrying independent data streams

TThhee 55 TTyyppeess ooff PPhhyyssiiccaall
NNeettwwoorrkk TTooppoollooggiieess
Bus
Ring
Star
Tree
Mesh

BBuuss TTooppoollooggyy
Bus networks (not to be confused with the
system bus of a computer) use a common
backbone to connect all devices. A single
cable, the backbone functions as a shared
communication medium that devices attach
or tap into with an interface connector. A
device wanting to communicate with
another device on the network sends a
broadcast message onto the wire that all
other devices see, but only the intended
recipient actually accepts and processes the
message.

Ring Topology
In a ring network, every device has
exactly two neighbors for
communication purposes. All messages
travel through a ring in the same
direction (either "clockwise" or
"counterclockwise"). A failure in any
cable or device breaks the loop and can
take down the entire network.

Star Topology
Many home networks use the star topology.
A star network features a central
connection point called a "hub node" that
may be a network hub , switch or router .
Devices typically connect to the hub with
Unshielded Twisted Pair (UTP) Ethernet.
Compared to the bus topology, a star
network generally requires more cable, but
a failure in any star network cable will only
take down one computer's network access
and not the entire LAN. (If the hub fails,
however, the entire network also fails.)

TTrreeee TTooppoollooggyy
CCoorrppoorraattee NNeettwwoorrkkss
Tree topologies integrate multiple star
topologies together onto a bus. In its
simplest form, only hub devices connect
directly to the tree bus, and each hub
functions as the root of a tree of devices.
This bus/star hybrid approach supports
future expandability of the network much
better than a bus (limited in the number of
devices due to the broadcast traffic it
generates) or a star (limited by the number
of hub connection points) alone.

MMeesshh TTooppoollooggyy
TThhee LLaarrggeerr IInntteerrnneett
Mesh topologies involve the concept of
routes. Unlike each of the previous
topologies, messages sent on a mesh
network can take any of several possible
paths from source to destination. (Recall
that even in a ring, although two cable
paths exist, messages can only travel in
one direction.) Some WANs , most
notably the Internet, employ mesh
routing.

SSuummmmaarryy ooff
NNeettwwoorrkk TTooppoollooggiieess
Topologies remain an important part of
network design theory. You can
probably build a home or small business
computer network without
understanding the difference between a
bus design and a star design. However,
each type of topology has security
implications.

NNeettwwoorrkk CCaabblliinngg
CCooaaxxiiaall CCaabbllee
Coaxial cable, or coax (pronounced
'ko.æks), is a type of cable that has an
inner conductor surrounded by a
tubular insulating layer, surrounded by
a tubular conducting shield. Many
coaxial cables also have an insulating
outer sheath or jacket.

TTwwiisstteedd PPaaiirr
Twisted pair cabling is a type of wiring
in which two conductors of a single
circuit are twisted together for the
purposes of canceling out
electromagnetic interference from
external sources; for instance,
electromagnetic radiation from
unshielded twisted pair cables, and
crosstalk between neighboring pairs.

FFiibbeerr OOppttiicc
A technology that uses glass (or plastic)
threads (fibers) to transmit data.
A fiber optic cable consists of a
bundle of glass threads, each of which is
capable of transmitting messages
modulated onto light waves. Fiber
optics has several advantages over
traditional metal communications lines:

FFoorr BBeetttteerr SSeeccuurriittyy UUssee
CCooaaxxiiaall CCaabbllee oorr FFiibbeerr OOppttiiccss
Signal leakage from twisted pair cables
makes them vulnerable to snooping of
the data traffic

BBeewwaarree ooff SSiiggnnaall AAtttteennuuaattiioonn
((lloossss ooff ssiiggnnaall oovveerr ddiissttaannccee))

AAssssiiggnniinngg AAnn IIPP AAddddrreessss
DDHHCCPP
Dynamic Host Configuration
Protocol (DHCP) is a network
protocol that enables a server to
automatically assign an IP address to a
computer from a defined range of
numbers (i.e., a scope) configured for a
given network. DHCP assigns an IP
address when a system is started, for
example, your cable modem at home
uses DHCP

AAssssiiggnniinngg aann IIPP AAddddrreessss
SSttaattiicc
If you feel the need to always know what
your IP address is then you need a Static
IP address, because it is constant. Static
IP addresses are used on servers making
it easy for all computers to contact them,
since they will know what the address of
the server is

DDiiffffeerreenntt TTyyppeess ooff NNeettwwoorrkk
DDeevviicceess
Repeaters
Bridges
Routers
Switches

RReeppeeaatteerr
In telecommunications, a repeater is an
electronic device that receives a signal and
retransmits it at a higher level or higher power,
or onto the other side of an obstruction, so that
the signal can cover longer distances.

BBrriiddggee
A network bridge is a network device that
connects multiple network segments. In the
OSI model bridging acts in the first two
layers, below the network layer.

RRoouutteerr
A router is a networking device,
commonly specialized hardware, that
forwards data packets between
computer networks.

NNeettwwoorrkk SSwwiittcchh
A network switch (sometimes known
as a switching hub) is a
computer networking device that is
used to connect devices together on a
computer network, by using a form of
packet switching to forward data to the
destination device.

NNeettwwoorrkk GGaatteewwaayy
In computer networking,
a gateway is a node (a router) on a
TCP/IPnetwork that serves as an
access point to another network. A
defaultgateway is the node on the
computer network that
the networksoftware uses when an IP
address does not match any other routes
in the routing table.

FFiirreewwaallll
In computing, a firewall is a network
security system that controls the
incoming and outgoing network traffic
based on applied rule set. A firewall
establishes a barrier between a trusted,
secure internal network and another
network (e.g., the Internet) that is not
assumed to be secure and trusted.

TThhee TTrriicckkeerryy ooff aa HHoonneeyyppoott
A honey pot is a computer system on the
Internet that is expressly set up to
attract and "trap" people who attempt to
penetrate other people's computer
systems.
You can learn a lot from a Honeypot

NNeettwwoorrkk SSeeggmmeennttaattiioonn
Reduced congestion: Improved
performance is achieved because on a
segmented network there are fewer hosts
per subnetwork, thus minimizing local
traffic
Improved security: Broadcasts will be
contained to local network. Internal
network structure will not be visible from
outside
Containing network problems:
Limiting the effect of local failures on other
parts of network

DDNNSS
DDoommaaiinn NNaammiinngg SSeerrvviiccee
The DNS translates Internet domain and host
names to IP addresses. DNS automatically
converts the names we type in our Web
browser address bar to the IP addresses of Web
servers hosting those sites.
DNS implements a distributed database to
store this name and address information for all
public hosts on the Internet. DNS assumes IP
addresses do not change (are statically
assigned rather than dynamically assigned).

DDNNSS PPooiissoonniinngg
DNS spoofing (or DNS cache poisoning)
is a computer hacking attack, whereby
data is introduced into a Domain Name
System (DNS) name server's cache
database, causing the name server to
return an incorrect IP address, diverting
traffic to another computer (often the
attacker's).

DDiirreeccttoorryy SSeerrvviicceess
Directory services are software
programs that link directly into core
databases to manage the identities and
security of users on a network. They are
crucial to many medium and large
organisations.

NNAATT
NNeettwwoorrkk AAddddrreessss TTrraannssllaattiioonn
NAT (Network Address Translation or
Network Address Translator) is the
translation of an Internet Protocol
address (IP address) used within one
network to a different IP address known
within another network.

TThhee CCoorrppoorraattee IInnttrraanneett
a local or restricted communications
network, especially a private network
created using World Wide Web
software.

TThhee CCoorrppoorraattee EExxttrraanneett
An intranet that can be partially
accessed by authorized outside users,
enabling businesses to exchange
information over the Internet securely.

TThhee LLAANN
A local area network (LAN) is a
computer network that interconnects
computers within a limited area such as
a home, school, computer laboratory, or
office building, using network media.

TThhee MMAANN
A Metropolitan Area Network (MAN) is
a large computer network that spans a
metropolitan area or campus. Its
geographic scope falls between a WAN
and LAN. MANs provide Internet
connectivity for LANs in a metropolitan
region, and connect them to wider area
networks like the Internet.

TThhee WWAANN
A wide area network (WAN) is a
computer network that spans a relatively
large geographical area and consists of
two or more interconnected local area
networks (LANs). A LAN is a network
that connects computers and other
devices in a relatively small area,
typically a single building or a group of
adjacent buildings.

QQuuaalliittyy ooff SSeerrvviiccee
QQOOSS
Quality of service (QoS) is the overall
performance of a telephony or computer
network, particularly the performance seen
by the users of the network.
Three levels of QOS are:
Best Effort – We try
Differentiated Service – We elevate above
best effort
Guaranteed Service – Has priority over all

RReemmoottee AAcccceessss aanndd WWaarrddiiaalliinngg
Remote access is the ability to get access
to a computer or a network from a
remote distance. In corporations, people
at branch offices, telecommuters, and
people who are travelling may need
access to the corporation's network.

WWaarr DDiiaalliinngg
War dialing or wardialing is a technique of
using a modem to automatically scan a list of
telephone numbers, usually dialing every
number in a local area code to search for
computers, Bulletin board systems and fax
machines. Hackers use the resulting lists for
various purposes: hobbyists for exploration,
and crackers - malicious hackers who specialize
in computer security - for guessing user
accounts (by capturing voicemail greetings), or
locating modems that might provide an entry-point
into computer or other electronic
systems. It may also be used by security
personnel, for example, to detect unauthorized
devices, such as modems or faxes, on a
company's telephone network.

DDSSLL aanndd CCaabbllee MMooddeemmss
AA NNeeww VVuullnneerraabbiilliittyy
In the old days, people would dialup,
connect and then disconnect to the
Internet via modem
Exposure time was limited
DSL and cable modems are always on,
so exposure time is no longer limited,
creating an opportunity for hackers

VViirrttuuaall PPrriivvaattee NNeettwwoorrkk
VVPPNN
A virtual private network (VPN) is a
network that uses a public
telecommunication infrastructure, such
as the Internet, to provide remote offices
or individual users with secure access to
their organization's network.

880022..1111 WWiirreelleessss NNeettwwoorrkkss
A family of IEEE standards that extend the
common wired Ethernet local network
standard into the wireless domain. The 802.11
standards are widely known as "Wi-Fi" because
the Wi-Fi Alliance provides certification for
802.11 products. There have been four major
802.11 standards designated with letter suffixes
(a, b, g and n); the latest and fastest being
802.11n (the slowest is 802.11b, and the two
medium speed are 802.11a and 802.11g). For
more about Wi-Fi networks, see wireless LAN
and Wi-Fi. Following are the 802.11
specifications, from slowest to fastest.

BBlluueettooootthh WWiirreelleessss
Bluetooth wireless technology is a
technology that allows computers,
phones, headsets, PDA's and other
devices to wirelessly communicate over
short distances (typically about 33 feet).
Encrypted
Low power
Simple protocol (relative to wifi)

MMoobbiillee PPhhoonnee SSeeccuurriittyy
Usually not encrypted
Mobile base station impersonation
Mobile phone cloning
Encrypted over wireless portion, but
usually not over the wired backhaul
connection
Access to Internet, bypassing corporate
firewalls
Malware threats worse than on a regular
computer
Ability to access camera is a threat

WWiirreelleessss BBeesstt PPrraaccttiicceess
At least enable WEP, if not stronger
encryption
Change default SSID (name of network)
Disable broadcast SSID (name of
network)
Place the Access Point at the center of
the building to avoid external access
Configure the Access Point to only allow
known MAC (hardware) addresses into
the network

AA NNoottee AAbboouutt RRoooottkkiittss
A rootkit is a stealthy type of software,
typically malicious, designed to hide the
existence of certain processes or programs
from normal methods of detection and
enable continued privileged access to a
computer.[1] The term rootkit is a
concatenation of "root" (the traditional
name of the privileged account on Unix
operating systems) and the word "kit"
(which refers to the software components
that implement the tool). The term
"rootkit" has negative connotations through
its association with malware.[1]

DDaannggeerrss ooff IInnssttaanntt MMeessssaaggiinngg
IIMM
Communication via IM is usually not
encrypted
IM often allows the transfer of files,
which could enable someone to send
sensitive data off-site without being
noticed by corporate detection systems,
which may not be setup to monitor
unauthorized and unknown use of IM
for personal purposes (Facebook IM)

Information systems 365 lecture eight

Recomendados

Recomendados

Mais conteúdo relacionado

Destaque

Destaque (20)

Semelhante a Information systems 365 lecture eight

Semelhante a Information systems 365 lecture eight (20)

Mais de Nicholas Davis

Mais de Nicholas Davis (20)

Information systems 365 lecture eight